14/12/2020
Eindhoven
IT
Netherlands

Product Security Compliance, Risk and Assurance Manager – Eindhoven

Eindhoven

Introduction

Based in the European epicentre of high-tech development in Eindhoven, our client is a key provider for the semiconductor industry and manufactures machines for the production of integrated circuits.

Organization

International Talent eurofirms.nl

Function

The product security compliance, risk, and assurance manager is responsible for assuring the business develops their products within the company’s cyber and information security risk appetite by developing, maintaining, and improving product security risk management framework -including means and methods- in alignment with the company’s risk appetite and business needs.

Your main responsibilities are:

  • Responsible for development, maintenance, and improvement of the product security compliance, risk, and assurance means and methods such as policies, standards, benchmarks, guidelines, assessment tooling, security processes, etc.;
  • Responsible for integration of product security means and methods in business/ product development processes;
  • Alignment of product security risk management framework with cross-product security reference architecture;
  • Execute product security control and risk assessments and drive mitigation in product development processes;
  • Responsible for registering and maintaining product security risks and exceptions in respective R&D registers;
  • Responsible for product security risk and assurance process, risk register, exception management process, incident management process, and product security policy framework management process, including process improvements;
  • Lead and drive maturity improvements, like embedding compliance, risk, and assurance means and methods in GRC, security management, and service management tooling;
  • Responsible for setup and maintenance of product security KPI’s reporting;
  • Provide and contribute to security awareness trainings for specialized topics such as secure software development.

Function-eisen

Education

Bachelor/ master degree or equivalent combination of education and experience.

Knowledge and Experience

  • Minimum of 10 years of relevant experience in IT security, OT security and information security risk management;
  • Strong IT and software architecture knowledge and background;
  • Proven experience with risk management frameworks such as ISO 27001;
  • Vendor agnostic expertise of IT/ software architecture;
  • Pre: proven experience in secure software development and secure programming;
  • Pre: Experience with certificates and encryption techniques.
  • Security certifications like CISSP, and CISM.
  • Specialized security risk certifications like CISA, CRISK, and ISO 27001 Lead Auditor.

Personal Skills

  • Skill to lead, influence, and negotiate without authority;
  • An business enabling security attitude in opposite to a business disabling one;
  • Strong analytical skills in combination with common sense;
  • Ability to translate risk, threats, and vulnerabilities to business stakeholder level and to drive risk mitigation, dealing with resistance and risk appetite;
  • Pro-active and self-motivated attitude;
  • Political aware and sensitive;
  • Fluent English (written and verbal);
  • Team player;
  • Strong communication and presentation skills;
  • Drive to retrieve the root cause of the problem.

Context of the position

    The product security compliance, risk, and assurance manager is positioned within the Information Management, R&D Security Risk Management department which is part of the Development & Engineering business function. The product security compliance, risk, and assurance manager will functionally report to the product security focus group lead and hierarchically to the R&D sector security risk manager.

    Offer

    • Unique career opportunity at one of the best valued companies in the sector.
    • Very appealing salary conditions.

    Job application

    Send your fully detailed CV to thomas.buve@eurofirms.com